My company got hacked and it took about a month to restore all the backups. During that time, we were using mobile hotshots and passing around flash drives. After that, everything essentially returned to normal aside from making sure all the offline work got where it needed to go. We did not pay the ransom

Asking someone familliar with this stuff ont he IT end: Does it sound like my company was prepared aside from getting hacked in the first place?

[–] cron@feddit.org 6 points 2 months ago

Hard to judge from the outside, but I would say you were prepared (with room for improvement).

You had working backups
Your backups were well protected
You did not pay the ransom
You were able to work with the limited tools you had
And everything restored within one month.

Companies that are not well prepared:

Have no backups or their backups encrypted, too
Are not able to operate during the recovery phase
Pay the ransom
Have no plan in what order to restore stuff
Are impacted even one year later ... or go bankrupt.

[–] TexMexBazooka@lemm.ee 1 points 2 months ago

No, you didn’t meet a reasonable RPO, which is the amount of time between the security incident and a full recovery. Usually with full backups the goal is to get everything back up and running within 24-48 hours, which is pretty much only possible if you have adequate backups to take a “nuke it and rollback” approach